Screenshots

25 Comments

Worked for me. I changed -ComputerName $env:computername to -ComputerName $userinput and of course prior to that I added $userinput = read-host "Enter Machine Name"
This variation works well for the fella (like me) who likes to remain seated while checking 100 or so production clients :) .
Thanks!

was just looking into this today, a version that I can run against the entire network would be awesome, and if it would output a text file that would say computer name, and what hot fix it found on the pc

https://community.spiceworks.com/topic/1994651-check-for-missing-wannacry-patches-with-powershell?page=1&source=navbar-community-notifications#entry-6894168
Check this forum for network scanning scripts.. Although I've not had much luck. I will look and see if i can adapt mine to scan thw network.. But i can't promise anything

What do you think about running this script with a GPO at computer startup? We have over 100 windows computers and I was tasked with checking if all of them have the correct updates. Unfortunately we don't have powershell remoting enabled on the computers and I'm forced to use WMI. What do you ladies and gentlemen recommend? How do you approach it? Thanks
I used:
$windowsPC = get-adcomputer -filter {operatingsystem -like "*windows*"};
foreach ($w in $windowsPC) {gwmi win32_ReliabilityRecords -filter "sourceName LIKE '%Update%' AND message LIKE 'KB401%' " -computerName $w.name | select computername, message}

I apologize, I am extremely confused and entirely new to powershell and scripting. Please forgive my ignorance, I would typically do much more research but this is important, time sensitive, and I'm not figuring it out solo.
If it tells me, "Didn't Find Hotfix" does it mean I'm up to date and it didn't find any hotfixes that I'm missing, or does it mean that it didn't find the hotfixes in my system and therefore I need to go and get them right meow?
Thank you in advance!

would removing the SMBv1 feature from your servers also mitigate this vulnerability, or does this also effect SMBv2 as well?
We'll be applying the patches regardless but turning off SMBv1 is probably a good idea where possible since it's known to be insecure and not as efficient as v2 and v3 anyway

@seth.
That means that it didn't find any of the listed hotfixes. If it does it lists the hotfix it found, for examples I've attavhed some screenshots above.
@graeme.
I've read that switching off smbv1 is a fix also... To be honest I'm simply applying the hotfix, ensuring that SMB is not externally facing and that my users are extra careful and notify me of anything they may think is suspicious! I'll probably setup a gpo to switch off smbv1 as well im confident everything is fully patched.